package com.vworks.framework.security.shiro.realm;

import java.util.LinkedHashSet;
import java.util.Set;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

public class CustomRealm extends AuthorizingRealm {

	
	/**
	 * 
	 */
	/*@Autowired
	@Qualifier("sqlSessionFactory")
	private SqlSessionFactory sqlSessionFactory;*/
	
	/**
	 * 为用户加Role、permission
	 */
	@Override protected AuthorizationInfo doGetAuthorizationInfo(
			PrincipalCollection principalcollection) {
		
		
		//TODO 通过用户名得到用户权限列表
		//String username = String.valueOf(getAvailablePrincipal(principalcollection));
		
		Set<String> permissions=new LinkedHashSet<String>();
		
		//带用户角色的操作
		//Set<String> roleNames;//SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roleNames);
		 
		//用户权限操作
		SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
		
	    info.setStringPermissions(permissions);
	     
	    return info;
		
	}

	/**
	 * 认证用户的正确性
	 */
	@Override protected AuthenticationInfo doGetAuthenticationInfo(
			AuthenticationToken authenticationtoken)
			throws AuthenticationException {
		
		UsernamePasswordToken token=(UsernamePasswordToken)authenticationtoken;
		
		String username=token.getUsername();
		
		String password=String.copyValueOf(token.getPassword());
		
		//TODO 实现验证用户名与密码
		
		SimpleAuthenticationInfo info=new SimpleAuthenticationInfo(username, password.toCharArray(), getName());
		
		return info;
	}

}
